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Sir/Madam: 

Further to the Notice dated December 4, 2006, Appellants present this Appeal 
Brief. Appellants respectfully request that this appeal be considered by the Board of 
Patent Appeals and Interferences. 
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I. REAL PARTY IN INTEREST 

As evidenced by the assignment recorded at Reel/Frame 012274/0312, the subject 
application is owned by Sun Microsystems, Inc., a corporation organized and existing 
under and by virtue of the laws of the State of Delaware, and now having its principal 
place of business at 4150 Network Circle, Santa Clara, CA 95054. 
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II. RELATED APPEALS AND INTERFERENCES 

No other appeals, interferences or judicial proceedings are known which would be 
related to, directly affect or be directly affected by or have a bearing on the Board's 
decision in this appeal. 
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III. STATUS OF CLAIMS 

Claims 1-6, 9-15, 17-23, 25-31 and 34 are pending and rejected, and are the 
subject of this appeal. A copy of claims 1-6, 9-15, 17-23, 25-31 and 34 as on appeal is 
included in the Claims Appendix hereto. 
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IV. STATUS OF AMENDMEMNTS 

No amendments to the claims have been submitted subsequent to the final 
rejection. 
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V. SUMMARY OF CLAIMED SUBJECT MATTER 



The subject matter of the present claims generally relates to the field of computer 
network security in multi-community computing nodes. 

Claim 1 recites a method of community access control in a Multi-Community 
Node (MCN). In an enterprise network, some computing resources may be dedicated to 
users of a single community, and others may be shared among users of multiple 
communities. A Multi-Community Node (MCN) is a network node which processes 
information on behalf of individuals in more than one community, (e.g., see 1010 of 
Figure 10; pp. 29-30; pp. 1-2). In contrast, Single Community Nodes (SCNs) are network 
nodes (e.g., computers, networking equipment, etc.) processing information on behalf of 
users in a single community. Examples of MCNs include servers and routers. Executing 
on MCNs are Multi-Community Applications (MCAs). MCAs are software applications 
performing functions on behalf of users in more than one community, (e.g., see 1020 of 
Fig. 10). 

The method of claim 1 comprises receiving a request for access to an object. 
Objects may include file systems, storage volumes, directories, files, memory regions, 
queues, pipes, sockets, input/output devices, or other operating system controlled 
resources, {e.g., p. 25, lines 17-19). 

The method further comprises consulting a community information base (CIB) 
responsive to said request, wherein said CIB includes: a user community set (UCS) for 
each user of said MCN; an application community set (ACS) for each application on said 
MCN; and an object community set (OCS) for each object residing within said MCN 
(e.g., see 1060 of Fig. 10; p. 25, lines 4-8). 

The method farther comprises permitting access to said object in response to 
detecting: said request is from a user; and a UCS of said user is a superset of an OCS of 
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said object, (e.g., page. 4, lines 22-25). 

The method further comprises permitting access to said object in response to 
detecting: said request is from a process; and an ACS of said process is a superset of an 
OCS of said object, (e.g., page 26, lines 11-16). 

Claim 10 recites a Multi-Community Node (MCN). As discussed above, a Multi- 
Community Node is a network node which processes information on behalf of individuals 
in more than one community, (e.g., see 1010 of Figure 10; pp. 29-30; pp. 1-2). Claim 10 
recites the MCN comprises a community information base (CIB) which includes a user 
community set (UCS) for each user of said MCN; an application community set (ACS) 
for each application on said MCN; and an object community set (OCS) for each object 
residing within said MCN (e.g., see 1060 of Fig. 10; p. 25, lines 4-8). In addition, the 
MCN is recited as including a processing unit which is configured to receive a request for 
access to an object (e.g., p. 25, lines 17-19), and consult the CIB responsive to said 
request. The processing unit is further configured to permit access to said object in 
response to detecting said request is from a user; and a UCS of said user is a superset of 
an object community set (OCS) of said object (e.g., page. 4, lines 22-25). The processing 
unit is also configured to permit access to said object in response to detecting said request 
is from a process; and an ACS of said process is a superset of said OCS (e.g., page 26, 
lines 11-16). 

Claim 18 recites a computer system comprising a computer network and a multi- 
community node (MCN). See the discussion above regarding claim 10 for a summary 
regarding the recited MCN. 

Claim 26 recites a carrier medium comprising program instructions. The program 
instructions are generally executable to perform the method recited in claim 1 . See the 
discussion above regarding claim 1 for a summary regarding the recited features. 
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VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Claims 1-6, 9-15, 17-23, 25-31 and 34 stand finally rejected under 35 U.S.C. § 
103(a) as being unpatentable over U.S. Patent No. 5,265,221 (hereinafter "Miller") in 
view of U.S. patent 6,772,350 (hereinafter "Belani"). 
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VII. ARGUMENT 

Claims 1-6, 9-15, 17-23, 25-31 and 34 stand finally rejected under 35 U.S.C. § 
103(a) as being unpatentable over U.S. Patent No. 5,265,221 (hereinafter "Miller") in 
view of U.S. patent 6,772,350 (hereinafter "Belani"). Appellants traverse these rejections 
for the following reasons. 

Different groups of claims are addressed under their respective subheadings. 

Claims L 10, 18 and 26 



Miller and Belani do not disclose, teach, or suggest, either separately or in 
combination, at least the recited CIB which includes "an application community set 
(ACS) for each application on said MCN" as recited in claim 1. In rejecting claim 1, the 
Examiner states in paragraph 2 of the Final Office Action (for convenience, and due to 
the brevity of the rejection, the entirety of the rejection is reproduced below): 

"As per claims 1, 10, 18 & 26 Miller disclosed a computer system 
comprising: a Multi-community Node (MCN) comprises: a community 
information base (CIB), wherein said (CIB) (col. 2, lines 42-47) includes: 
a user community ser (UCS) for each user of said MCN (col. 2, lines 47- 
52); an application community set (ACS) for each application on said 
MCN; and an object set (PCS) for each object residing within said MCN 
(col. 2, lines 52-62); a processing unit configured to receive a request for 
access to an object; consult said CIB responsive to said request; permit 
access to said object in response to detecting said request is from a user; 
and a UCS of said user is a superset of an object community set (OCS) of 
said object; permit access to said object in response to detecting: said 
request is from a process; and an ACS said process is a superset of said 
OCS (col. 5, lines 39-62). 

However Miller did not explicitly disclose a computer network coupled to 
the Multi-community node (MCN). In the same field of endeavor Belani 
disclosed a computer network; and a multi-community node (MCN) 
coupled to said computer network (col. 4, lines 34-38). At the time the 
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invention was made it would have been obvious to one in the ordinary 
skill in the art to incorporate a connection to computer network as 
disclosed by Belani to a computer system of Miller in order to make the 
computer system more versatile and scalable by having multiple 
clients/users connect to the system from various locations." (emphasis 
added). 

By way of preface, a community set is defined on page 9 of the Description as 
follows: "A "Community Set" is a set of communities, which may consist of no 
communities (the null community set) or any number of communities. Each individual 
community within the community set is said to be a "member" of the set." As seen from 
the above rejection, the Examiner states that Miller disclosed a CIB which includes "an 
application community set (ACS) for each application on said MCN Appellant 
respectfully disagrees. Appellant further notes that while the Examiner cited portions of 
Miller as purportedly disclosing other preceding features of claim 1, the Examiner 
provided no citation for at least this feature and Appellant submits this feature is not 
disclosed by Miller as suggested. More generally, with respect to the recited CIB and 
related features, the Examiner cites col. 2, lines 42-62 of Miller which discloses: 



"According to the present invention, as embodied and broadly described 
herein, an access control mechanism using a processor is provided for 
specifying access control policies to entities, comprising subject means, 
verb means, object means, definition means, rule means and evaluation 
means. The processor may be embodied as a microprocessor and memory, 
or computer using software. The subject means stores user information in 
a matrix having information for each user on each row, and user attributes 
pertaining to the specific user in each field (column). The object means 
stores object names with object attributes and object rules expressed as 
object-boolean expressions for defined verb names. The definition means 
stores field definitions, external function declarations and strings. The verb 
means stores verb names with a default rule for each verb name. The rule 
means stores rule names with their associated rule-boolean expressions. 
The evaluation means is coupled to the subject means, verb means, 
definition means, object means and the rule means, and determines 
whether access to the entity is allowed." 
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As can be seen from the above, the apparatus of Miller is a rather complex 
collection comprising a subject means, verb means, object means, definition means, rule 
means and evaluation means. However, Appellant submits nothing in the above 
disclosure teaches or suggests a CIB including the "application community set (ACS) for 
each application on said MCN" as recited. 

In addition to the above, the Examiner further states that Miller disclosed a 
processing unit configured to "permit access to said object in response to detecting: said 
request is from a process; and an ACS [of] said process is a superset of said OCS (col. 5, 
lines 39-52)." Appellant respectfully disagrees. Again, for convenience, the portion of 
Miller cited by the Examiner is reproduced below: 



" Ownership 

It is probably an application-dependent choice whether an object can 
have more than one owner. Ownership policies are sometimes 
implemented so that only the owner of an object has the right to delete 
or modify the object. However, in many commercial database systems, 
multiple users can have such authorizations for the same relation or 
view. Ownership could alternatively be interpreted as the right to grant 
and revoke authorizations for an object to and from other users. 
However, in any system that uses copyflags (such as Oracle) or that 
has access modes for grant and/or give-grant (as does SeaView [4, 5]), 
many users could have such authorizations. Although a special user, 
such as database administrator or security officer, may be able to grant 
and revoke authorizations that were not explicitly granted to him or 
her, that special user should not be able to revoke authorizations from 
the owner (although this may also be an application-dependent choice). 
A facility that allows an appropriate ownership policy for the 
organization to be defined at system installation would allow vendors 
to provide the comprehensiveness and flexibility of control to cover 
most applications, access control requirements while avoiding having 
to "wire in" a fixed ownership policy." (Miller, col. 5, lines 38-62). 



11/28 



Application Serial No. 09/981,608 - Filed October 16, 2001 



However, this disclosure of Miller merely provides a general discussion 
concerning ownership and nothing in this disclosure teaches a processing unit configured 
to "permit access to said object in response to detecting: said request is from a process; 
and an ACS of said process is a superset of said OCS of said object." Further, neither 
does this disclosure of Miller disclose the "application community set (ACS) for each 
application on said MCN" as recited. 

In the Response to Arguments (paragraph 11 of the Final Office Action dated 
January 11, 2006), the examiner made the following statement: 

"As to applicant's arguments ... In the claims "permit access to said 
object in response to detecting: said request is from a process; and an ACS 
said process is a superset of said OCS", basically describes that when a 
users wants to access a file, the system checks what kind of permissions 
does a user have in association with the file i.e. if the user is owner/creator 
of the file or has read/write permissions. Miller disclosed it in (col. 5, lines 
39-62). (emphasis added). 

However, Appellant respectfully submits this kind of reasoning is inadequate to 
support the above rejections and amounts to a straw man argument. As already noted 
above, the disclosures cited by the Examiner do not disclose the features as recited. Here, 
in the Examiner's Response to Arguments, the Examiner provides his own, alternative, 
claim recitation - i.e., the Examiner states that the claim feature(s) "basically describes 
that when a users wants to access a file, the system checks what kind of permissions does 
a user have in association with the file i.e. if the user is owner/creator of the file or has 
read/write permissions." However, this is not what is recited in the claim. The claim 
recites at least features concerning community sets (e.g., UCS, ACS and OCS), and 
performing set operations (e.g., an ACS of said process is a superset of said OCS). As 
discussed above, the Examiner has not identified at least these features as recited and his 
Response to Arguments provides nothing further in this regard. 
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In addition to the above, it is noted that the Examiner makes no reference to any 
of the details of the Miller reference. Rather, the above quotations which reference 
column 2 and 5 of Miller are all that are cited in the entirety of the Office Action, other 
than a single sentence at col. 1, lines 30-34. Each of these cited disclosures are merely 
general statements concerning what is disclosed in Miller and do not provide teachings 
equivalent to those recited features. Upon review of the remainder of Miller, not only is it 
apparent that the above discussed features are not disclosed, but the nature of the 
mechanism disclosed by Miller is quite different from that presently claimed. 

For example, Miller discloses storing information about subjects, objects, verbs, 
rules, and definitions. In particular, Miller discloses: 

"In the embodiment shown in FIG. 2, the subject memory 204 stores user 
information in a logical matrix having a specific user on each row, with 
user attributes, i.e. data pertaining to the specific user, in each field 
(column). The object memory 206 stores object names and object 
attributes and optionally object rules for defined verbs. The verb memory 
208 stores verb names with a default rule for each verb name. The rule 
memory 210 stores rule names with their associated boolean expressions. 
The definition memory 212 stores field definitions, external function 
declarations, and strings. The evaluator 202, coupled to the subject 
memory 204, object memory 206, verb memory 208, the rule memory 210 
and the definition memory 212, allows or disallows access of the user 102 
to the entity 106 according to the specified verb, specified default rule, and 
user and object attributes ." (Miller, col. 4, lines 14-30, emphasis added). 

This verb, rule, attribute mechanism taught by Miller is quite distinct from the 
presently recited features of claim 1 . Further, in Fig. 5 and related text, Miller describes 
an object window which includes object names and corresponding rules for defined verbs. 
For example, Miller teaches: 

"The object window, shown in FIG. 5, is used to display and update object 
names and rules for defined verbs. The information displayed in the object 
window corresponds to the data stored in the object memory 206. In FIG. 
5, information preceding the colon (:) is either the name of the object or an 
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attribute of the object, the semantics being defined via the definition 
window. Everything after the object name is considered to be a rule list. 
Rules for specific verbs are designated as: 

<verb name>: <rule> 



Object rules must be separated by semicolons (;). 

In this window, rule names, defined in the rule window, are prefixed by a 
colon (:) and verb names, defined in the verb window, are suffixed by a 
colon (:). For example, one of the rules specified above for object 
"SVXYZFn^" is: 

W: :MEMBER_OF_A & SUBJ.NAME o'NABER'; 

The verb W (WRITE) is defined in the verb window, and the rule 
MEMBER13 OF] 3 A is defined in the rule window. This means that the 
verb W can be invoked for object $VXYZ FILE] 3 2 only if the rule 
MEMBER] 3 OF 13 A satisfied. The other part of the rule, "& SUBJ.NAME 
oNABER", means that even if the rule MEMBER13 OF13 A is satisfied, 
write access by NABER is specifically denied. The write rule for object 
"$VXYZ FELE13 1" indicates that the user must be on the access control 
list ACL13 1, as specified in in [sic] the definition window." (miller, col. 8, 
line 63 - col. 9, line 26). 



In the above, it can be seen that Miller discloses access control to an object by 
providing a <object name> : <verb_name> :: <rule> combination. In the example, it is 
determined whether a user may write to a file $VXYZ FILE_2. If the user is a member of 
A (and is not NABER), then the user may write to the file. Clearly, such a teaching is not 
equivalent to that as recited wherein "an ACS of said process is a superset of an OCS of 
said object." Note there is no teaching of an OCS of said object. Neither is there a 
teaching of an ACS of said process being a superset of the OCS. Further, the teaching 
describes determining if a user is a member of A (e.g., is the user a member of a group 
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A). Apart from the other distinctions, even this teaching at best would merely ask whether 
the user is a member of a group. Again, such an approach is not equivalent to "an ACS of 
said process is a superset of an OCS of said object." 

Appellant submits the above teaching of Miller further makes clear that Miller 
discloses a fundamentally different approach than that recited by the Appellant. In view 
of the above discussion, as the cited references do not teach or suggest all of the features 
of claim 1, either singly or in combination, Appellants submit the Examiner has not 
established a prima facie case of obviousness. For at least the reasons provided above, 
the rejection of claim 1 is not supported by the cited art. Withdrawal of the rejection to 
claim 1, and claims dependent thereon, is respectfully requested. 

Appellant further notes each of independent claims 10, 18 and 26 include features 
similar to those discussed above and are patentably distinguishable for similar reasons. 
Accordingly, withdrawal of the rejections of claims 10, 18 and 26, and claims dependent 
thereon, are respectfully requested. 

Claims 5, 14, 22 & 30 

Claim 5 recites the features "further comprising permitting an owner of said 
object to designate a first user as a new owner of said object, in response to detecting a 
UCS of said first user is a superset of said OCS." Appellant submits these features are 
neither taught nor suggested in the cited art. 

In the Final Office Action (paragraph 6), the Examiner states that the above 
features are taught by Miller at column 5, lines 39-62 (already discussed above). 
However, this disclosure of Miller merely provides a general discussion regarding 
ownership. It is first noted that the cited disclosure nowhere teaches "permitting an owner 
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of said object to designate a first user as a new owner of said object." At best, the cited 
disclosure states "Ownership could alternatively be interpreted as the right to grant and 
revoke authorizations for an object to and from other users" which is not equivalent. 
Further, the features recite that the permission is "in response to detecting a UCS of said 
first user is a superset of said OCS." Nothing in the cited disclosure teaches such features. 
As already discussed above, these set, and set operations as recited are not disclosed. In 
view of the above discussion, as the cited references do not teach or suggest all of the 
features of claim 5, either singly or in combination, Appellants submit the Examiner has 
not established a prima facie case of obviousness. For at least the reasons provided 
above, the rejection of claim 5 is not supported by the cited art. Withdrawal of the 
rejection to claim 5 is respectfully requested. 

Appellant further notes each of dependent claims 14, 22 and 30 include features 
similar to those of claim 5 and are patentably distinguishable for similar reasons. 
Accordingly, withdrawal of the rejections of claims 14, 22 and 30 is respectfully 
requested. 

Claims 6, 15,23 & 31 

Claim 6 recites the additional features "further comprising allowing a first process 
to change said OCS of said object to a subset of said ACS of said first process, in 
response to detecting an owner of said first process is an owner of said object and said 
ACS is a superset of said OCS." Appellant submits these features are neither taught nor 
suggested in the cited art. 

In the Final Office Action, the Examiner states that the above features are taught 
by Miller at column 5, lines 39-62 (already discussed above). However, this disclosure of 
Miller merely provides a general discussion regarding ownership. Nothing in this 
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disclosure includes "allowing a first process to change said OCS of said object to a subset 
of said ACS of said first process." In contrast, the cited disclosure merely states 
"[although a special user, such as database administrator or security officer, may be able 
to grant and revoke authorizations that were not explicitly granted to him or her, that 
special user should not be able to revoke authorizations from the owner." Appellant 
submits this disclosure is not equivalent to "allowing a first process to change said OCS 
of said object to a subset of said ACS of said first process." Further, it is noted that claim 
6 recites said allowing is "in response to detecting an owner of said first process is an 
owner of said object and said ACS is a superset of said OCS." Such features are not 
disclosed in the cited teaching of Miller and are nowhere disclosed in Miller as suggested. 

In view of the above discussion, as the cited references do not teach or suggest all 
of the features of claim 6, either singly or in combination, Appellants submit the 
Examiner has not established a prima facie case of obviousness. For at least the reasons 
provided above, the rejection of claim 6 is not supported by the cited art. Withdrawal of 
the rejection to claim 6 is respectfully requested. 

Appellant further notes each of dependent claims 15, 23 and 31 include features 
similar to those of claim 6 and are patentably distinguishable for similar reasons. 
Accordingly, withdrawal of the rejections of claims 15, 23 and 31 is respectfully 
requested. 

Claims 9, 17, 25 &34 

Claim 9 recites the further features "wherein said CIB further includes a creator 
and a current owner for each object residing within said MCN." Appellant submits these 
features are neither taught nor suggested in the cited art. 
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In the Final Office Action, the Examiner states that the above features are taught 
by Miller at column 5, lines 39-62 (already discussed above). However, this disclosure of 
Miller merely provides a general discussion regarding ownership. Nothing in this 
disclosure includes "wherein said CIB further includes a creator and a current owner for 
each object residing within said MCN." Further, nothing in this disclosure mentions the 
creator of an object. 

In view of the above discussion, as the cited references do not teach or suggest all 
of the features of claim 9, either singly or in combination, Appellants submit the 
Examiner has not established a prima facie case of obviousness. For at least the reasons 
provided above, the rejection of claim 9 is not supported by the cited art. Withdrawal of 
the rejection to claim 9 is respectfully requested. 

Appellant further notes each of dependent claims 17, 25 and 34 include features 
similar to those of claim 6 and are patentably distinguishable for similar reasons. 
Accordingly, withdrawal of the rejections of claims 17, 25 and 34 is respectfully 
requested. 
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Conclusion 

For the foregoing reasons, it is submitted that the Examiner's rejection of claims 
1-6, 9-15, 17-23, 25-31 and 34 was erroneous, and reversal of his decision is respectfully 
requested. 

No fees are believed necessary; however, the Commissioner is hereby authorized 
to charge any fees which may be required to Deposit Account No. 501505/5181- 
75800/RDR. 



Meyertons, Hood, Kivlin, 

Kowert & Goetzel, P.C. 
P.O. Box 398 
Austin, TX 78767-0398 
(512) 853-8850 

Date: January 4, 2007 



Respectfully submitted, 




Rory D. Rankin 
(Reg. No. 47,884 
Attorney for Appellants 
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VIII. CLAIMS APPENDIX 

The claims on appeal are as follows. 

1 . A method of community access control in a Multi-Community Node (MCN), said 
method comprising: 

receiving a request for access to an object; 

consulting a community information base (CIB) responsive to said request, 
wherein said CIB includes: 

a user community set (UCS) for each user of said MCN; 
an application community set (ACS) for each application on said MCN; 
and 

an object community set (OCS) for each object residing within said MCN; 

permitting access to said object in response to detecting: 
said request is from a user; and 

a UCS of said user is a superset of an OCS of said object; and 

permitting access to said object in response to detecting: 
said request is from a process; and 

an ACS of said process is a superset of an OCS of said object. 

2. The method of claim 1 , wherein said object is an operating system controlled 
resource. 

3. The method of claim 2, wherein said object is selected from the group consisting of a 
file system, a storage volume, a directory, a file, a record, a memory region, a queue, a 
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pipe, a socket, a port, or an input/output device. 

4. The method of claim 1, wherein an initial owner of said object is a creator of said 
object. 

5. The method of claim 1, further comprising permitting an owner of said object to 
designate a first user as a new owner of said object, in response to detecting a UCS of 
said first user is a superset of said OCS. 

6. The method of claim 1, further comprising allowing a first process to change said 
OCS of said object to a subset of said ACS of said first process, in response to 
detecting an owner of said first process is an owner of said object and said ACS is a 
superset of said OCS. 

7. (Canceled). 

8. (Canceled). 

9. The method of claim 1, wherein said CIB further includes a creator and a current 
owner for each object residing within said MCN. 

10. A Multi-Community Node (MCN) comprising: 

a community information base (CIB), wherein said CIB includes: 
a user community set (UCS) for each user of said MCN; 
an application community set (ACS) for each application on said MCN; 
and 

an object community set (OCS) for each object residing within said MCN; 
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a processing unit configured to: 

receive a request for access to an object; 
consult said CIB responsive to said request; 
permit access to said object in response to detecting: 
said request is from a user; and 

a UCS of said user is a superset of an object community set (OCS) 
of said object; 

permit access to said object in response to detecting: 
said request is from a process; and 
an ACS of said process is a superset of said OCS. 

11. The MCN of claim 10, wherein said object is an operating system controlled resource. 

12. The MCN of claim 11, wherein said object is selected from the group consisting of a 
file system, a storage volume, a directory, a file, a record, a memory region, a queue, a 
pipe, a socket, a port, or an input/output device. 

13. The MCN of claim 10, wherein an initial owner of said object is a creator of said 
object. 

14. The MCN of claim 10, wherein said processing unit is further configured to permit an 
owner of said object to designate a first user as a new owner of said object, in 
response to detecting a UCS of said first user is a superset of said OCS. 

15. The MCN of claim 10, wherein said processing unit is further configured to allow a 
first process to change said OCS of said object to a subset of said ACS of said first 
process, in response to detecting an owner of said first process is an owner of said 
object and said ACS is a superset of said OCS. 
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16. (Canceled). 

17. The MCN of claim 10, wherein said CIB further includes a creator and a current 
owner for each object residing within said MCN. 

18. A computer system comprising: 

a computer network; and 

a multi-community node (MCN) coupled to said computer network, wherein said 
MCN comprises: 

a community information base (CIB), wherein said CIB includes: 
a user community set (UCS) for each user of said MCN; 
an application community set (ACS) for each application on said 
MCN; and 

an object community set (OCS) for each object residing within said 
MCN; 

a processing unit configured to: 

receive a request for access to an object; 
consult said CIB responsive to said request; 
permit access to said object in response to detecting: 
said request is from a user; and 

a UCS of said user is a superset of an object community set (OCS) 
of said object; 

permit access to said object in response to detecting: 
said request is from a process; and 
an ACS of said process is a superset of said OCS. 
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19. The computer system of claim 18, wherein said object is an operating system 
controlled resource. 

20. The computer system of claim 19, wherein said object is selected from the group 
consisting of a file system, a storage volume, a directory, a file, a record, a memory 
region, a queue, a pipe, a socket, a port, or an input/output device. 

21 . The computer system of claim 18, wherein an initial owner of said object is a creator 
of said object. 

22. The computer system of claim 18, wherein said processing unit is further configured 
to permit an owner of said object to designate a first user as a new owner of said 
object, in response to detecting a UCS of said first user is a superset of said OCS. 

23. The computer system of claim 18, wherein said processing unit is further configured 
to allow a first process to change said OCS of said object to a subset of said ACS of 
said first process, in response to detecting an owner of said first process is an owner 
of said object and said ACS is a superset of said OCS. 

24. (Canceled). 

25. The computer system of claim 18, wherein said CIB further includes a creator and a 
current owner for each object residing within said MCN. 

26. A carrier medium comprising program instructions, wherein said program instructions 
are executable to: 

receive a request for access to an object; 
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consult a community information base (CIB) responsive to said request, wherein 
said CIB includes: 

a user community set (UCS) for each user of said MCN; 
an application community set (ACS) for each application on said MCN; 
and 

an object community set (OCS) for each object residing within said MCN; 

permit access to said object in response to detecting: 
said request is from a user; and 

a UCS of said user is a superset of an OCS of said object; and 

permit access to said object in response to detecting: 
said request is from a process; and 

an ACS of said process is a superset of an OCS of said object. 

27. The carrier medium of claim 26, wherein said object is an operating system controlled 
resource. 

28. The carrier medium of claim 27, wherein said object is selected from the group 
consisting of a file system, a storage volume, a directory, a file, a record, a memory 
region, a queue, a pipe, a socket, a port, or an input/output device. 

29. The carrier medium of claim 26, wherein an initial owner of said object is a_creator 
of said object. 

30. The carrier medium of claim 26, wherein said program instructions are further 
executable to permit an owner of said object to designate a first user as a new owner 
of said object, in response to detecting a UCS of said first user is a superset of said 
OCS. 
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3 1 . The carrier medium of claim 26, wherein said program instructions are further 
executable to allow a first process to change said OCS of said object to a subset of 
said ACS of said first process, in response to detecting an owner of said first process 
is an owner of said object and said ACS is a superset of said OCS. 

32. (Canceled). 

33. (Canceled). 

34. The carrier medium of claim 26, wherein said CIB further includes a creator and a 
current owner for each object residing within said MCN. 
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IX. EVIDENCE APPENDIX 

No evidence submitted under 37 CFR §§ 1.130, 1.131 or 1.132 or otherwise 
entered by the Examiner is relied upon in this appeal. 



27/28 



Application Serial No. 09/981,608 - Filed October 16, 2001 



X. RELATED PROCEEDINGS APPENDIX 

There are no related proceedings. 
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